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II. RELATED APPEALS AND INTERFERENCES 



III. STATUS OF THE CLAIMS 

Claims 1-17, 19, 20, 22-28, 30, 32, 34-36, 39, 41 and 43-47 have been finally rejected 
and are the subject of this appeal. Claims 18, 21, 29, 31, 33, 37-38, 40, and 42 have been 
cancelled. 
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IV. STATUS OF AMENDMENTS 

No amendment after the final rejection of May 20, 2009 has been submitted. Therefore, 
all amendments have been entered. 

V. SUMMARY OF THE CLAIMED SUBJECT MATTER 

The following provides a concise explanation of the subject matter defined in each of the 
independent claims involved in the appeal, referring to the specification by page and line number 
and to the drawings by reference characters, as required by 37 C.F.R. § 41.37(c)(l)(v). Each 
element of the claims is identified by a corresponding reference to the specification and drawings 
where applicable. Note that the citation to passages in the specification and drawings for each 
claim element does not imply that the limitations from the specification and drawings should be 
read into the corresponding claim element. 
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Independent claim 1 recites a memory protection system comprising: 

a key store (Fig. 1:18) to store identifiers of protected memory locations and 
respective corresponding memory protection keys (Spec, p. 8, In. 4-18; p. 11, In. 4-17); 
and 

a memory access manager (Fig. 1:16) including at least hardware (Spec, p. 9, In. 
6-7) configured to: 

receive (Fig. 3:32) a memory command for altering contents of any of the 
protected memory locations (Spec, p. 19, In. 3-6; p. 19, In. 26 - p. 20, In. 2), 

determine (Fig. 3:36) whether the memory command includes a memory 
protection key corresponding to at least one of said protected memory locations to be 
altered, wherein the memory protection key in the memory command is written to a 
volatile memory (Spec, p.20, In. 10-17), 

if the memory command includes the memory protection key corresponding to 
each protected memory location to be altered, permit (Fig. 3:40, 42) the memory 
command to proceed (Spec, p.21, In. 5-11), and 

then render (Fig. 4:44) the memory protection key in the memory command 
inaccessible by overwriting at least a portion of the memory protection key written to the 
volatile storage such that the memory protection key written to the volatile memory is 
inaccessible after completion of the memory command (Spec, p.21, In. 8-11; p. 17, In. 
13-18). 
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Independent claim 16 recites an electronic device comprising: 
a memory (Fig. 1:20; Spec, p. 8, In. 1-4); 

a wireless receiver (Fig. 1:12) configured to receive data relating to a remote 
software update to be written to the memory (Spec, p. 6, In. 13-15; p. 14, In. 11-18); 

a memory protection system (Fig. 1:16, 18) associating protected memory 
locations in the memory with respective corresponding keys, and configured to allow the 
received data to be written to any of the protected memory locations only if the received 
data includes a key corresponding to the protected memory location to which the received 
data is to be written and to render the corresponding key in the received data inaccessible 
after allowing the received data to be written to the protected memory location (Spec, p. 
8, In. 1-18; p. 11, In. 4-17, 28-29; p. 14, In. 4-10; p. 21, In. 5-11); and 

volatile storage (Fig. 1:22) having unprotected memory locations, the memory 
protection system configured to download the received data including the key to the 
unprotected memory locations of the volatile storage prior to writing the received data to 
the protected memory locations, and the memory protection system to render the key 
inaccessible by overwriting at least a portion of the key (Spec, p. 5, In. 20; p. 17, In. 13- 
18; p. 20, In. 3-9). 
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Independent claim 22 recites a method of protecting memory (Fig. 1:20; Spec, p. 8, In. 1- 

4) in an electronic device, comprising: 

receiving (Fig. 3:32) a memory command to access a protected memory location 
(Spec, p. 19, In. 6-8; p. 19, In. 26 - p. 20, In. 2); 

determining whether the received memory command is a memory read command 
to read the protected memory location, or a memory write command to alter the protected 
memory location (Spec, p. 19, In. 8-16); 

in response to determining that the received memory command is the memory 
write command (Spec, p. 19, In. 10-13): 

identifying (Fig. 3:36) a memory protection key corresponding to the protected 
memory location (Spec, p. 20, In. 10-17); 

determining (Fig. 3:36)whether the memory write command includes the memory 
protection key corresponding to the protected memory location, wherein at least the 
memory protection key in the memory write command has been written to volatile 
memory (Spec, p. 20, In. 10-17); 

permitting (Fig. 3:40, 42) completion of the memory write command if the 
memory write command includes the memory protection key corresponding to the 
protected memory location (Spec, p. 21, In. 5-11); and 

rendering (Fig. 4:44) the memory protection key in the memory write command 
that has been written to the volatile memory inaccessible by overwriting at least a portion 
of the memory protection key in the volatile memory upon completion of the memory 
write command to make the memory protection key in the volatile memory inaccessible 
after completion of the memory write command (Spec, p. 21, In. 8-11; p. 17, In. 13-18); 
and 

in response to determining that the received memory command is the memory 
read command, processing the memory read command to read the protected memory 
location without checking for any memory protection key (Spec, p. 19, In. 13-15). 



Independent claim 36 recites a method of protecting electronic memory (Fig. 1:20; Spec, 

p. 8. In. 1-4), comprising: 

configuring a memory store (Fig. 1:20, 18) of an electronic device into at least 
one protected memory location and a key store operable to store an identifier of each 
protected memory location and a respective corresponding memory protection key 
(Spec, p. 8, In. 1-18; p. 11, In. 4-17); and 
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configuring a processor (Fig. 1:14) of the electronic device to provide a memory 
access manager operable to receive memory commands for altering contents of any of the 
at least one protected memory location (Spec, p. 20, In. 10-17), and for at least one 
memory command, to: 

determine (Fig. 3:36) whether the at least one memory command includes a 
memory protection key corresponding to at least one protected memory location to be 
modified, said at least one memory command including the memory protection key 
corresponding to at least one said protected memory location to be modified (Spec, p. 20, 
In. 10-17), 

permit (Fig. 3:40, 42) the at least one memory command to complete (Spec, p. 
21, In. 5-11), and 

then render (Fig. 3:44) each corresponding memory protection key in the at least 
one memory command inaccessible by overwriting at least a portion of the memory 
protection key upon completion of the at least one memory command, wherein the at 
least one memory command corresponds to a remote software update received by a 
wireless receiver for updating the at least one protected memory location to be modified 
(Spec, p. 21, In. 8-11; p. 17, In. 13-18; p. 19, In. 26-29). 
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VI. GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

A. Claims 1, 9, 10, 22-28, 30, 32, 34, 35, 41 and 46 were rejected under 35 U.S.C. § 
103(a) as being unpatentable over Bryant, US 5,628,023 in view of Bishop Computer 
Security, Chapter 29.5 "Common Security-Related Programming Problems" 

B. Claims 1, 2, 4, 7-9, 11-15 and 46 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Beukema US Patent Application Publication No. 2002/0124148 in 
view of Bishop 

C. Claims 16, 17, 19, 20, 22, 25, 36, 39, 43-45 and 47 were rejected under 35 U.S.C. § 
103(a) as being unpatentable over Hind, US 6,976,163 in view of Bryant and Bishop 

D. Claims 1 and 3-6 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
England, US 7,194,092 in view of Bishop 



VII. ARGUMENT 

The claims do not stand or fall together. Instead, Appellant presents separate arguments 
for various independent and dependent claims. Each of these arguments is separately argued 
below and presented with separate headings and sub-headings as required by 37 C.F.R. 
§ 41.37(c)(l)(vii). 

A. Claims 1, 9, 10, 22-28, 30, 32, 34, 35, 41 and 46 were rejected under 35 U.S.C. § 
103(a) as being unpatentable over Bryant, US 5,628,023 in view of Bishop Computer 
Security, Chapter 29.5 "Common Security-Related Programming Problems" 

1. Claims 22-25, 30, 32, 34, 35. 

Independent claim 22 was rejected as purportedly obvious over Bryant in view of Bishop. 
Claim 22 recites a method of protecting memory in an electronic device, comprising: 

■ receiving a memory command to access a protected memory location; 

■ determining whether the received memory command is a memory read command to 
read the protected memory location, or a memory write command to alter the 
protected memory location; 

■ in response to determining that the received memory command is the memory write 
command: 
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■ identifying a memory protection key corresponding to the protected memory 
location; 

■ determining whether the memory write command includes the memory 
protection key corresponding to the protected memory location, wherein at 
least the memory protection key in the memory write command has been 
written to volatile memory; 

■ permitting completion of the memory write command if the memory write 
command includes the memory protection key corresponding to the protected 
memory location; and 

■ rendering the memory protection key in the memory write command that has 
been written to the volatile memory inaccessible by overwriting at least a 
portion of the memory protection key in the volatile memory upon completion 
of the memory write command to make the memory protection key in the 
volatile memory inaccessible after completion of the memory write command; 
and 

■ in response to determining that the received memory command is the memory read 
command, processing the memory read command to read the protected memory 
location without checking for any memory protection key. 

As conceded by the Examiner, Bryant fails to disclose rendering the memory protection 
key in the memory write command inaccessible by overwriting at least a portion of the memory 
protection key upon completion of the memory write command. 5/20/2000 Office Action at 9- 
10. Instead, the Examiner cited Bishop as purportedly disclosing the claimed feature missing 
from Bryant. Id. at 10. 

It is respectfully submitted that a person of ordinary skill in the art would not have been 
prompted to combine the teachings of Bryant and Bishop. As taught by Bryant, a user program 
stores a token in a register location. Bryant 19:41-42. Subsequently, when the user program 
issues an instruction to modify the information currently stored in a previously protected page, 
the user program issues a special instruction that retrieves the token from the register and 
provides the token to the hardware. Id. 19:43-50. The token that is provided by the user 
program (retrieved from the register) is compared to a token assigned to a protected page frame, 
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and if the tokens match, the hardware permits the user program to update the protected memory 
location. Id. 19:59-67. 

Significantly, as specifically taught by Bryant, the user program stores the token in the 
register for future use, i.e., for subsequent retrieval when using one of the special instructions. 
Id., 17:35-37. As further taught by Bryant, "other programs can be authorized to store to the 
protected page if they are provided with the location of the register storing the token." Id. 17:37- 
40. Thus, Bryant actually would have led a person of ordinary skill in the art away from the 
claimed invention, which recites that the memory protection key in the memory write command 
that has been written to the volatile memory is rendered inaccessible by overwriting at least a 
portion of the memory protection key in the volatile memory upon completion of the memory 
write command to make the memory protection key in the volatile memory inaccessible after 
completion of the memory write command. 

The Response to Arguments section of the Office Action attempts to rebut the foregoing 
arguments by citing column 5, line 56 - column 6, line 6, of Bryant. Specifically, the Examiner 
referred to the discussion in Bryant that a user program issues a special instruction that retrieves 
the previously stored token from its register. 5/20/2009 Office Action at 3. According to the 
Examiner, Bryant "inherently requires storing the token to a volatile memory separate from the 
aforementioned register for the verification process." Id. Retrieving the token from the register 
to volatile memory does not change the fact the Bryant still teaches the storage of a token in a 
register for future use, in contradiction of the subject matter of claim 22, which recites rendering 
the memory protection key in the memory write command that has been written to the volatile 
memory inaccessible by overwriting at least a portion of the memory protection key in the 
volatile memory upon completion of the memory write command to make the memory 
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protection key in the volatile memory inaccessible after completion of the memory write 
command. In Bryant, persistent storage of the token is provided such that the goal of rendering 
the token inaccessible as recited in claim 22 cannot be achieved. 

Even assuming for the sake of argument that the Examiner is correct in stating that 
Bryant would inherently require storing the token of the register in volatile memory, it is noted 
that there would be absolutely no reason whatsoever to render the memory protection key in the 
memory write command that has been written to volatile memory inaccessible by overwriting at 
least a portion of the memory protection key in the volatile memory upon completion of the 
memory write command, since Bryant specifically teaches that the key would remain accessible 
for future use in the register. Thus, it would be clear that Bryant would not take the unnecessary 
step of rendering a version of the key in volatile memory inaccessible, while allowing the key in 
the register to remain accessible for future use. 

The teachings of Bryant relating to token storage for future use would have led a person 
of ordinary skill in the art away from the claimed invention, and away from using the techniques 
mentioned in Bishop regarding erasing, deleting, or deallocating sensitive information. Stated 
differently, if the techniques of Bishop were to be applied to the teachings of Bryant, then Bryant 
would have been rendered inoperable for its intended purpose, which is to allow the token in 
the register to be accessible for future memory operations or even for use by other programs. 
The objective evidence of record thus establishes that a person of ordinary skill in the art would 
have found no reason to combine the teachings of Bryant and Bishop to achieve the claimed 
invention. 

In view of the foregoing, it is respectfully submitted that the obviousness rejection of 
claim 22 and its dependent claims is erroneous. 
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Reversal of the final rejection of the above claims is respectfully requested. 

2. Claims 26-28. 

Claims 26-28 depend from claim 44, which in turn depends from claim 25, which 
depends from claim 22. Therefore, claims 26-28 are allowable for at least the same reasons as 
base claim 22. Moreover, it is respectfully submitted that the rejection of claims 26-28 over 
Bryant and Bishop is erroneous since the Examiner had not rejected intervening claim 44 over 
Bryant and Bishop. Claim 44 specifically recites receiving, by a wireless receiver, a remote 
software update to be written to the protected memory location. This feature is clearly not 
disclosed by or hinted at by Bryant and Bishop. 

Therefore, since claims 26-28 depend from claim 44, it is clear that the subject matter of 
claims 26-28 is not disclosed or hinted at by the hypothetical combination of Bryant and Bishop. 

Claims 26-28 are therefore further allowable for the foregoing reasons. 

Reversal of the final rejection of the above claims is respectfully requested. 

3. Claims 1, 9, 10, 41, 46. 

Independent claim 1 is allowable over Bryant and Bishop for similar reasons as those 
stated above with respect to claim 22. Specifically, claim 1 recites that if a received memory 
command includes a memory protection key corresponding to each protected memory to be 
altered, the memory command is permitted to proceed, and the memory protection key in the 
memory command is then rendered inaccessible by overwriting at least a portion of the memory 
protection key written to the volatile storage such that the memory protection key written to the 
volatile storage is inaccessible after completion of the memory command. 



11 



Appln. Serial No. 10/813,003 
Appeal Brief Under 37 C.F.R. § 41.37 

As noted above, Bryant would have led away from the claimed invention, and from using 
the techniques mentioned in Bishop regarding erasing, deleting, or deallocating sensitive 
information. Specifically, Bryant discloses that a token stored in a register is kept to allow for 
future access, which is contrary to the subject matter of claim 1. 

Since no reason existed that would have prompted a person of ordinary skill in the art to 
combine the teachings of Bryant and Bishop, the obviousness rejection of claim 1 and its 
dependent claims over Bryant and Bishop is erroneous. 

Reversal of the final rejection of the above claims is respectfully requested. 

B. Claims 1, 2, 4, 7-9, 11-15 and 46 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Beukema US Patent Application Publication No. 2002/0124148 in 
view of Bishop 

1. Claims 1, 2, 4, 7-9, 11-15, 46. 

The obviousness rejection of claim 1 over Beukema and Bishop is also defective. 
Beukema describes accessing a protection/translation table to retrieve a protection key, and to 
compare the protection key to a protection key received in an access to main memory. Beukema, 
1 [0054]. However, there is no hint in Beukema of any desirability to render this protection key 
inaccessible by overwriting at least a portion of such protection key. Therefore, a person of 
ordinary skill in the art would not have been prompted to combine the teachings of Beukema and 
Bishop to achieve the claimed subject matter. 

In fact, this point is reinforced by the teachings of Bryant, which constitutes objective 
evidence that a person of ordinary skill in the art would have been led away from the claimed 
invention. 

In view of the foregoing, it is respectfully submitted that the obviousness rejection of 
claim 1 and its dependent claims over Beukema and Bishop is erroneous. 
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Reversal of the final rejection of the above claims is respectfully requested. 



C. Claims 16, 17, 19, 20, 22, 25, 36, 39, 43-45 and 47 were rejected under 35 U.S.C. § 
103(a) as being unpatentable over Hind, US 6,976,163 in view of Bryant and Bishop 

1. Claims 16, 17, 19, 20, 36, 39, 43, 45, 47. 

Independent claim 16 is non-obvious over Hind, Bryant, and Bishop. 
Claim 16 recites an electronic device comprising: 

■ a memory; 

■ a wireless receiver configured to receive data relating to a remote software update to 
be written to the memory; 

■ a memory protection system associating protected memory locations in the memory 
with respective corresponding keys, and configured to allow the received data to be 
written to any of the protected memory locations only if the received data includes a 
key corresponding to the protected memory location to which the received data is to 
be written and to render the corresponding key in the received data inaccessible after 
allowing the received data to be written to the protected memory location; and 

■ volatile storage having unprotected memory locations, the memory protection system 
configured to download the received data including the key to the unprotected 
memory locations of the volatile storage prior to writing the received data to the 
protected memory locations, and the memory protection system to render the key 
inaccessible by overwriting at least a portion of the key. 

With respect to claim 16, the Examiner stated that "Hind discloses an electronic device 
comprising a memory; a wireless receiver configured to receive data relating to a remote 
software update to be written to the memory, and means to securely update the software files via 
update rules." 5/20/2009 Office Action at 14-15. It is noted that claim 16 does not recite "means 
to securely update the software files via update rules." In any event, it appears that the Examiner 
has conceded that Hind fails to disclose all remaining elements of claim 16, including the 
"memory protection system" element and the "volatile storage" element of claim 16. Instead, the 
Examiner cited Bryant as purportedly disclosing these claimed features that were conceded to be 
missing from Hind. Id. at 15-16. 
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The "memory protection" clause of claim 16 recites that the memory protection system is 
configured to allow the received data to be written to any of the protected memory locations only 
if the received data includes a key corresponding to the protected memory location to which the 
received data is to be written and to render the corresponding key in the received data 
inaccessible after allowing the received data to be written to the protected memory location. 

The "volatile storage" clause of claim 16 recites: 

volatile storage having unprotected memory locations, the memory 
protection system configured to download the received data 
including the key to the unprotected memory locations of the 
volatile storage prior to writing the received data to the protected 
memory locations, and the memory protection system to render 
the key inaccessible by overwriting at least a portion of the key. 

As discussed above, Bryant would have led a person of ordinary skill away from the 
foregoing claimed subject matter, since Bryant contemplates that the token contained in its 
register is made accessible for future use by the user program or by other programs. Bryant, 
17:35-40. Thus, a person of ordinary skill in the art would have been led away from making the 
combination of Hind, Bryant, and Bishop to achieve the subject matter of claim 16. In fact, if the 
teachings of Bishop were to be incorporated into Bryant, then Bryant would be rendered 
inoperable for its intended purpose. 

In view of the foregoing, it is respectfully submitted that the obviousness rejection of 
claim 16 and its dependent claims is erroneous. Independent claim 36 and its dependent claims 
are also similarly allowable over Hind, Bryant, and Bishop. 

Reversal of the final rejection of the above claims is respectfully requested. 
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2. Claims 22, 25, 44. 

Independent claim 22 was also rejected as obvious over Hind, Bryant, and Bishop (rather 
than just over Bryant and Bishop as discussed above). 

In the rejection of claim 22, the Examiner cited Hind as purportedly disclosing "a method 
to remotely update software via update rules contained in the update; receiving the update 
comprises receiving, via a wireless receiver." 5/20/2009 Office Action at 17. It is noted that 
claim 22 does not recite the subject matter that was paraphrased on page 17 of the Office Action 
in the rejection of claim 22. In any event, it appears that the Examiner has conceded that Hind 
fails to disclose the remaining elements of claim 22. The Examiner cited Bryant and Bishop as 
purportedly disclosing the vast majority of the elements of claim 22. Id. at 18-19. 

As discussed above, it is clear that Bryant provides absolutely no hint whatsoever of 
rendering the memory protection key in the memory write command that has been written to the 
volatile memory inaccessible by overwriting at least a portion of the memory protection key in 
the volatile memory upon completion of the memory write command to make the memory 
protection key in the volatile memory inaccessible after completion of the memory write 
command. In fact, Bryant would have led away from the claimed subject matter and from a 
combination with Bishop. 

Therefore, a person of ordinary skill in the art clearly would not have been prompted to 
combine the teachings of Hind, Bryant, and Bishop to achieve the claimed invention. As noted 
above, if the techniques of Bishop were to be applied to the teachings of Bryant, then Bryant 
would be rendered inoperable for its intended purpose, which is strongly indicative of the fact 
that a person of ordinary skill in the art would not have been prompted to combine the teachings 
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of the references to achieve the claimed invention. Therefore, claim 22 and its dependent claims 
are also non-obvious over Hind, Bryant, and Bishop. 

Reversal of the final rejection of the above claims is respectfully requested. 

D. Claims 1 and 3-6 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
England, US 7,194,092 in view of Bishop 

1. Claims 1, 3-6. 

The obviousness rejection of independent claim 1 over England and Bishop is also 
erroneous. 

England refers to an application passing a rights manager certificate and application 
storage key to a digital rights management operating system (DRMOS). The DRMOS validates 
the key and compares the rights manager certificate against an access predicate. The DRMOS 
also determines if the application's use of the content is permitted under the license and allows 
access if it is. England, 10:41-51. However, England does not disclose or hint at rendering a 
memory protection key inaccessible by overwriting at least a portion of the memory protection 
key. In fact, there is nothing in England to hint at any desirability of incorporating such a 
feature. Therefore, a person of ordinary skill in the art would not have been prompted to 
incorporate the teachings of Bishop in England to achieve the claimed subject matter. 

Again, the teachings of Bryant constitute objective evidence that a person of ordinary 
skill in the art would have been led away from the invention. Therefore, claim 1 and its 
dependent claims are also non-obvious over England and Bishop. 

Reversal of the final rejection of the above claims is respectfully requested. 
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CONCLUSION 

In view of the foregoing, reversal of all final rejections and allowance of all pending 
claims is respectfully requested. 

Respectfully submitted, 



Date: November 2, 2009 



/Dan C. Hu/ 



Dan C. Hu 

Registration No. 40,025 
TROP, PRUNER & HU, P.C. 
1616 South Voss Road, Suite 750 
Houston, TX 77057-2631 
Telephone: (713) 468-8880 
Facsimile: (713) 468-8883 
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VIII. APPENDIX OF APPEALED CLAIMS 

The claims on appeal are (claims 18, 21, 29, 31, 33, 37-38, 40, and 42 have been 
cancelled): 



1 1 . A memory protection system comprising: 

2 a key store to store identifiers of protected memory locations and respective 

3 corresponding memory protection keys; and 

4 a memory access manager including at least hardware configured to: 

5 receive a memory command for altering contents of any of the protected memory 

6 locations, 

7 determine whether the memory command includes a memory protection key 

8 corresponding to at least one of said protected memory locations to be altered, wherein the 

9 memory protection key in the memory command is written to a volatile memory, 

10 if the memory command includes the memory protection key corresponding to 

1 1 each protected memory location to be altered, permit the memory command to proceed, and 

12 then render the memory protection key in the memory command inaccessible by 

13 overwriting at least a portion of the memory protection key written to the volatile storage such 

14 that the memory protection key written to the volatile memory is inaccessible after completion of 

15 the memory command. 

1 2. The system of claim 1, wherein the identifiers comprise addresses in a protected 

2 memory. 

1 3. The system of claim 1, wherein the identifiers comprise names of protected files in a 

2 memory. 

1 4. The system of claim 1, wherein the identifiers identify data entries in a protected 

2 memory. 
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1 5. The system of claim 1, wherein each of the memory protection keys comprises a 

2 modified version of a data sequence. 

1 6. The system of claim 5, wherein the modified version comprises a hash of the data 

2 sequence. 

1 7. The system of claim 1, wherein the key store stores a mapping table that maps each 

2 identifier to a corresponding memory protection key. 

1 8. The system of claim 7, wherein at least one of the identifiers is mapped to multiple 

2 corresponding memory protection keys. 

1 9. The system of claim 1, implemented in an electronic device having a memory, the 

2 memory comprising the protected memory locations and unprotected memory locations. 

1 10. The system of claim 9, wherein the memory access manager is further configured to 

2 receive memory commands for altering contents of the unprotected memory locations, and to 

3 permit the memory commands for altering contents of the unprotected memory locations without 

4 checking for any memory protection key. 

1 11. The system of claim 1, wherein the memory access manager is further configured to 

2 perform the memory command that includes the memory protection key corresponding to each 

3 protected memory location to be altered. 

1 12. The system of claim 1, implemented in an electronic device, wherein the memory 

2 command is received by the memory access manager from an originating electronic device 

3 component, and wherein the originating electronic device component proceeds with the memory 

4 command permitted by the memory access manager. 

1 13. The system of claim 12, wherein the originating electronic device component is a 

2 memory update module. 

ii 
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1 14. The system of claim 12, wherein the originating electronic device component sends 

2 memory commands to the memory access manager responsive to data received at the electronic 

3 device. 

1 15. The system of claim 14, wherein the originating electronic device component is further 

2 configured to extract a received memory protection key from the received data and to provide the 

3 received memory protection key to the memory access manager. 

1 16. An electronic device comprising: 

2 a memory; 

3 a wireless receiver configured to receive data relating to a remote software update to be 

4 written to the memory; 

5 a memory protection system associating protected memory locations in the memory with 

6 respective corresponding keys, and configured to allow the received data to be written to any of 

7 the protected memory locations only if the received data includes a key corresponding to the 

8 protected memory location to which the received data is to be written and to render the 

9 corresponding key in the received data inaccessible after allowing the received data to be written 

10 to the protected memory location; and 

1 1 volatile storage having unprotected memory locations, the memory protection system 

12 configured to download the received data including the key to the unprotected memory locations 

13 of the volatile storage prior to writing the received data to the protected memory locations, and 

14 the memory protection system to render the key inaccessible by overwriting at least a portion of 

15 the key. 

1 17. The electronic device of claim 16, wherein the volatile storage is part of the memory. 
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1 19. The electronic device of claim 16, wherein the memory protection system comprises: 

2 a key store storing a mapping table that associates the protected memory locations with 

3 the respective corresponding keys; and 

4 a memory access manager configured to: 

5 process a memory command for writing the received data to any of the protected 

6 memory locations, 

7 determine whether the received data includes the key corresponding to any of the 

8 protected memory locations to which the received data is to be written, 

9 if the received data includes the key corresponding to a protected memory 

10 location to which the received data is to be written, 

1 1 permit the memory command to proceed, and 

12 then render the corresponding key in the received data inaccessible. 

1 20. The electronic device of claim 19, wherein the memory comprises a file system, and 

2 wherein the key store resides at a secure location in the memory outside the file system. 
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1 22. A method of protecting memory in an electronic device, comprising: 

2 receiving a memory command to access a protected memory location; 

3 determining whether the received memory command is a memory read command to read 

4 the protected memory location, or a memory write command to alter the protected memory 

5 location; 

6 in response to determining that the received memory command is the memory write 

7 command: 

8 identifying a memory protection key corresponding to the protected memory 

9 location; 

10 determining whether the memory write command includes the memory protection 

1 1 key corresponding to the protected memory location, wherein at least the memory protection key 

12 in the memory write command has been written to volatile memory; 

13 permitting completion of the memory write command if the memory write 

14 command includes the memory protection key corresponding to the protected memory location; 

15 and 

16 rendering the memory protection key in the memory write command that has been 

17 written to the volatile memory inaccessible by overwriting at least a portion of the memory 

18 protection key in the volatile memory upon completion of the memory write command to make 

19 the memory protection key in the volatile memory inaccessible after completion of the memory 

20 write command; and 

21 in response to determining that the received memory command is the memory read 

22 command, processing the memory read command to read the protected memory location without 

23 checking for any memory protection key. 

1 23. The method of claim 22, wherein permitting comprises performing the memory write 

2 command. 

1 24. The method of claim 22, wherein receiving comprises receiving the memory command 

2 from an originating electronic device component, and wherein permitting comprises allowing the 

3 originating electronic device component to perform the memory write command. 
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1 



25. 



The method of claim 22, further comprising: 



2 



receiving data to be written to the protected memory location; and 
generating the memory write command responsive to receiving the data. 



3 



1 26. The method of claim 44, wherein the received data comprises a received key, and 

2 wherein generating comprises extracting the received key from the received data and inserting 

3 the received key into the memory write command. 

1 27. The method of claim 26, wherein determining comprises comparing the memory 

2 protection key corresponding to the protected memory location with the received key in the 

3 memory write command. 

1 28. The method of claim 26, wherein determining comprises retrieving a modified version 

2 of the memory protection key corresponding to the protected memory location, modifying the 

3 received key in the memory write command to generate a modified received key, and comparing 

4 the modified received key to the modified version of the memory protection key corresponding 

5 to the protected memory location. 

1 30. The method of claim 22, wherein identifying comprises identifying a protected memory 

2 location in the memory write command and accessing a mapping table that maps protected 

3 memory locations to respective corresponding memory protection keys. 

1 32. The method of claim 22, further comprising: 

2 receiving memory commands to alter unprotected memory locations; and 

3 permitting completion of the memory commands to alter unprotected memory locations 

4 without checking for any memory protection keys. 
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1 34. The method of claim 22, wherein said identifying step comprises accessing the memory 

2 protection key corresponding to the protected memory location in a key store, the method further 

3 comprising: 

4 receiving a command to establish a new protected memory location in the memory and a 

5 memory protection key corresponding to the new protected memory location; 

6 establishing the new protected memory location in the memory; and 

7 storing the memory protection key in the key store. 

1 35. A computer-readable medium storing instructions for performing the method of claim 

2 22. 

1 36. A method of protecting electronic memory, comprising: 

2 configuring a memory store of an electronic device into at least one protected memory 

3 location and a key store operable to store an identifier of each protected memory location and a 

4 respective corresponding memory protection key; and 

5 configuring a processor of the electronic device to provide a memory access manager 

6 operable to receive memory commands for altering contents of any of the at least one protected 

7 memory location, and for at least one memory command, to: 

8 determine whether the at least one memory command includes a memory 

9 protection key corresponding to at least one protected memory location to be modified, said at 

10 least one memory command including the memory protection key corresponding to at least one 

1 1 said protected memory location to be modified, 

12 permit the at least one memory command to complete, and 

13 then render each corresponding memory protection key in the at least one memory 



14 command inaccessible by overwriting at least a portion of the memory protection key upon 

15 completion of the at least one memory command, wherein the at least one memory command 

16 corresponds to a remote software update received by a wireless receiver for updating the at least 

17 one protected memory location to be modified. 

1 39. A computer-readable medium storing instructions for performing the method of claim 

2 36. 
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1 41. The system of claim 1, wherein the memory access manager is configured to further 

2 receive a memory read command to read content of a particular protected memory location, the 

3 memory access manager to allow the memory read command to proceed to read the content of 

4 the particular protected memory location without checking for any memory protection key. 

1 43. The electronic device of claim 16, wherein the memory protection system is configured 

2 to further: 

3 receive a memory read command to access a particular one of the protected memory 

4 locations, 

5 perform reading of the particular protected memory location in response to the memory 

6 read command, without checking for any memory protection key. 

1 44. The method of claim 25, wherein receiving the data to be written comprises receiving, 

2 by a wireless receiver, a remote software update to be written to the protected memory location. 

1 45. The method of claim 36, wherein configuring the processor further comprises 

2 configuring the processor to receive a memory read command to read a particular one of the 

3 protected memory locations, and to permit the memory read command to read the particular 

4 protected memory location without checking for any memory protection key. 

1 46. The memory protection system of claim 1, wherein the at least a portion of the memory 

2 protection key is overwritten upon completion of the memory command. 

1 47. The method of claim 36, wherein the memory protection key in the at least one memory 

2 command is written to volatile memory, and wherein the memory protection key in the at least 

3 one memory command is rendered inaccessible by overwriting at least the portion of the memory 

4 protection key written to the volatile memory such that the memory protection key written to the 

5 volatile memory is rendered inaccessible after completion of the at least one memory command. 
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IX. EVIDENCE APPENDIX 



None. 
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X. RELATED PROCEEDINGS APPENDIX 



None. 



